This document discusses using static application security testing (SAST) tools for TYPO3 extensions. It begins with an introduction of the speaker and an overview of SAST basics and context. Several SAST tools are then evaluated against a demo TYPO3 application, with the finding that PsalmPHP is the most suitable because of its support for PHP features. The document then explains how PsalmPHP can be used for TYPO3 through stubs, annotations, and a demo runner. Finally, it outlines future steps to improve support for additional TYPO3 components and to integrate SAST into the extension review process.